{"vulnerability": "cve-2023-3300", "sightings": [{"uuid": "8191a485-200b-41f5-bdf5-c7c0af7d12fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:12:58.000000Z"}, {"uuid": "73e60b02-31f4-4416-9fa0-b8762607b640", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33009", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/d9ec5534-4fa6-4376-bccc-ae093c8406c6", "content": "", "creation_timestamp": "2026-02-02T12:26:57.840831Z"}, {"uuid": "5f9dbda3-f312-49eb-ab9d-07ef190768cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33009", "type": "published-proof-of-concept", "source": "https://t.me/cKure/11981", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 Russia: Sandworm have breached Danish energy sector companies. \nVery nice timeline analysis.\nCVE-2023-28771 + CVE-2023-33009 + CVE-2023-33010\n\nhttps://github.com/blackorbird/APT_REPORT/blob/master/Sandworm/sektorcert-angrebet-mod-dansk-kritisk-infrastruktur-tlp-clear-en.pdf", "creation_timestamp": "2023-11-15T09:27:54.000000Z"}, {"uuid": "7059a4ed-079b-4820-952d-428a193d2ebe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "https://t.me/arpsyndicate/375", "content": "#ExploitObserverAlert\n\nCVE-2023-33009\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-33009. A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.\n\nFIRST-EPSS: 0.028100000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-22T23:57:09.000000Z"}, {"uuid": "fad1e1f4-628e-4bd2-8b15-95dbe6f2d5d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33009", "type": "exploited", "source": "https://t.me/KomunitiSiber/314", "content": "Zyxel Firewalls Under Attack! Urgent Patching Required\nhttps://thehackernews.com/2023/06/zyxel-firewalls-under-attack-urgent.html\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday\u00a0placed\u00a0two recently disclosed flaws in Zyxel firewalls to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.\nThe vulnerabilities, tracked as\u00a0CVE-2023-33009 and CVE-2023-33010, are buffer overflow vulnerabilities that could enable an unauthenticated attacker to cause a", "creation_timestamp": "2023-06-06T07:25:44.000000Z"}, {"uuid": "842ddd82-76a9-4086-8d6d-ab78e7f56cfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "https://t.me/KomunitiSiber/262", "content": "Zyxel Issues Critical Security Patches for Firewall and VPN Products\nhttps://thehackernews.com/2023/05/zyxel-issues-critical-security-patches.html\n\nZyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution.\nBoth the flaws \u2013\u00a0CVE-2023-33009 and CVE-2023-33010\u00a0\u2013 are\u00a0buffer overflow vulnerabilities\u00a0and are rated 9.8 out of 10 on the CVSS scoring system.\nA brief description of the two issues is below -\n\nCVE-2023-33009\u00a0-", "creation_timestamp": "2023-05-25T19:12:23.000000Z"}, {"uuid": "7cff4167-3661-4b81-8450-e932ef481c04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33001", "type": "seen", "source": "https://t.me/cibsecurity/64222", "content": "\u203c CVE-2023-33001 \u203c\n\nJenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-16T20:30:36.000000Z"}, {"uuid": "d2700dad-7785-46e6-810e-a5a85cc4124d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33007", "type": "seen", "source": "https://t.me/cibsecurity/64228", "content": "\u203c CVE-2023-33007 \u203c\n\nJenkins LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-16T20:30:42.000000Z"}, {"uuid": "8e51492a-deec-4bd2-850c-396966df5b66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33003", "type": "seen", "source": "https://t.me/cibsecurity/64227", "content": "\u203c CVE-2023-33003 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-16T20:30:41.000000Z"}, {"uuid": "c7e4e5a4-641e-4075-96aa-b8aa3f76d461", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33000", "type": "seen", "source": "https://t.me/cibsecurity/64225", "content": "\u203c CVE-2023-33000 \u203c\n\nJenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-16T20:30:39.000000Z"}, {"uuid": "346203d3-66a2-4fa2-8869-8b436e06883a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33004", "type": "seen", "source": "https://t.me/cibsecurity/64224", "content": "\u203c CVE-2023-33004 \u203c\n\nA missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-16T20:30:38.000000Z"}, {"uuid": "45979b38-ff71-45e3-be52-0de910e58531", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "https://t.me/cibsecurity/64677", "content": "\u203c CVE-2023-33009 \u203c\n\nA buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-24T16:26:54.000000Z"}, {"uuid": "d8db1ad9-cccc-4636-b5a9-8108c4e0ad03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "437a1be1-83b5-4df9-8ca1-7cd759ccbc47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "MISP/b4a98411-68c8-46bf-aff8-1659046646b3", "content": "", "creation_timestamp": "2023-11-13T18:11:01.000000Z"}, {"uuid": "cd331c94-0de8-43e7-a0a4-6da456f5cf5c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971828", "content": "", "creation_timestamp": "2024-12-24T20:34:33.767294Z"}, {"uuid": "7fed52a3-a1a2-43e4-a164-f37a116cc75a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33003", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2757", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33003\n\ud83d\udd39 Description: A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics.\n\ud83d\udccf Published: 2023-05-16T16:00:19.486Z\n\ud83d\udccf Modified: 2025-01-23T15:46:50.541Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3083", "creation_timestamp": "2025-01-23T16:03:04.000000Z"}, {"uuid": "040c6c7d-6cd3-4233-8633-67eaf795133a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33005", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2760", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33005\n\ud83d\udd39 Description: Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login.\n\ud83d\udccf Published: 2023-05-16T16:00:20.871Z\n\ud83d\udccf Modified: 2025-01-23T15:38:06.819Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2991", "creation_timestamp": "2025-01-23T16:03:06.000000Z"}, {"uuid": "1b47f15c-6a3e-4386-9572-cccb7c616621", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33008", "type": "seen", "source": "https://t.me/cibsecurity/66182", "content": "\u203c CVE-2023-33008 \u203c\n\nDeserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon.A malicious attacker can craft up some JSON input that uses large numbers (numbers such as\u00c2\u00a01e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal. This issue affects Apache Johnzon: through 1.2.20.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-07T14:31:06.000000Z"}, {"uuid": "ccb99fb8-0b54-4f8c-ad11-f8de13436eda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "MISP/b4a98411-68c8-46bf-aff8-1659046646b3", "content": "", "creation_timestamp": "2025-07-07T05:16:45.000000Z"}, {"uuid": "f87f399a-3dd1-4292-ae2a-352af9b23fac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33009", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/d9ec5534-4fa6-4376-bccc-ae093c8406c6", "content": "", "creation_timestamp": "2026-02-02T12:26:57.840831Z"}, {"uuid": "c7e9ccda-aea0-4b90-ad6f-79cc4608a4c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33001", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2753", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33001\n\ud83d\udd39 Description: Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.\n\ud83d\udccf Published: 2023-05-16T16:00:18.099Z\n\ud83d\udccf Modified: 2025-01-23T15:50:41.687Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3077", "creation_timestamp": "2025-01-23T16:02:58.000000Z"}, {"uuid": "8eb60bc4-d651-4e4d-a1b0-ee62837166ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33000", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2752", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33000\n\ud83d\udd39 Description: Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them.\n\ud83d\udccf Published: 2023-05-16T16:00:17.398Z\n\ud83d\udccf Modified: 2025-01-23T15:52:11.359Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2962", "creation_timestamp": "2025-01-23T16:02:57.000000Z"}, {"uuid": "5e07d22c-8603-4eaf-aef1-f4522e89215c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33004", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2759", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33004\n\ud83d\udd39 Description: A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics.\n\ud83d\udccf Published: 2023-05-16T16:00:20.189Z\n\ud83d\udccf Modified: 2025-01-23T15:45:16.505Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3083", "creation_timestamp": "2025-01-23T16:03:06.000000Z"}, {"uuid": "c2f65b16-a064-434f-a02a-f99aff29da9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33002", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2754", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-33002\n\ud83d\udd39 Description: Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.\n\ud83d\udccf Published: 2023-05-16T16:00:18.784Z\n\ud83d\udccf Modified: 2025-01-23T15:48:59.468Z\n\ud83d\udd17 References:\n1. https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2892", "creation_timestamp": "2025-01-23T16:02:59.000000Z"}, {"uuid": "bab7d1e1-abc3-4e96-b7db-e328751151ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "Telegram/o33eMMvV5GbS5_yvZwxR9Wy9Vxsb16o4MXlOt7k80dQpLQ", "content": "", "creation_timestamp": "2023-05-25T19:04:24.000000Z"}, {"uuid": "2f9888d0-b729-4b88-9c0d-02377e547cf7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33009", "type": "exploited", "source": "Telegram/7hx0Eh-1rj7GqCpsGv8vc3vl2LENad0XkZ8Du0V4VFE6pg", "content": "", "creation_timestamp": "2023-06-06T06:52:33.000000Z"}, {"uuid": "b5a821bf-0c5e-4698-9d06-15b942f68249", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "https://t.me/true_secator/4429", "content": "Zyxel \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0434\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u0441\u0432\u043e\u0438\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 firewall \u0438 VPN.\n\n\u041a\u0430\u043a \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c, \u043e\u0431\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0430\u043c\u044f\u0442\u044c\u044e \u0438 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0440\u0430\u0437\u0434\u0435\u043b\u0430.\n\n\u0412\u0441\u0435 \u044d\u0442\u043e \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a DoS \u0438 RCE \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445. \u041f\u0440\u0438\u0447\u0435\u043c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0431\u0430\u0433\u0438 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 Zyxel \u043a\u0430\u043a \u0440\u0430\u0437 \u0442\u0430\u043a\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u0435\u0442 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 CVE-2023-33009 \u0438 CVE-2023-33010 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0443 \u043a\u0430\u0436\u0434\u043e\u0439 \u0432 9,8 \u0431\u0430\u043b\u043b\u043e\u0432.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0441 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0430\u043c\u0438: ATP \u0432\u0435\u0440\u0441\u0438\u0438 \u043e\u0442 ZLD V4.32 \u0434\u043e V5.36, USG FLEX \u043e\u0442 ZLD V4.50 \u0434\u043e V5.36, USG FLEX50 (W) / USG20 (W) - \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438 VPN \u0432\u0435\u0440\u0441\u0438\u0439 \u043e\u0442 ZLD V4.25 \u0434\u043e V5.36, VPN \u0432\u0435\u0440\u0441\u0438\u0438 \u043e\u0442 ZLD V4.30 \u0434\u043e V5.36 \u0438 ZyWALL / USG \u043e\u0442 ZLD V4.25 \u0434\u043e V4.73.\n\n\u0412 \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u0435 \u0441\u0432\u043e\u0435\u043c \u043f\u043e\u0434\u043e\u0431\u043d\u044b\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u044f\u043c\u0438 \u043c\u0430\u043b\u043e\u0433\u043e \u0438 \u0441\u0440\u0435\u0434\u043d\u0435\u0433\u043e \u0431\u0438\u0437\u043d\u0435\u0441\u0430 \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u0432\u043e\u0435\u0439 \u0441\u0435\u0442\u0438 \u0438 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0433\u043e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u043c \u0438\u043b\u0438 \u0434\u043e\u043c\u0430\u0448\u043d\u0438\u043c \u0440\u0430\u0431\u043e\u0442\u043d\u0438\u043a\u0430\u043c, \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0447\u0435\u043c \u0442\u0430\u043a\u0438\u0435 \u0434\u0435\u0432\u0430\u0439\u0441\u044b \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u043c \u0443\u0441\u0442\u0440\u0435\u043c\u043b\u0435\u043d\u0438\u0439 \u0441\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u044b \u0445\u0430\u043a\u0435\u0440\u043e\u0432.\n\n\u041f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f, \u0434\u0430\u0431\u044b \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0440\u0438\u0441\u043a \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432. \n\n\u0412\u0435\u0434\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c Zyxel (CVE-2023-28771), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u043c\u0435\u0441\u044f\u0446\u0435,\u00a0\u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0431\u043e\u0442\u043d\u0435\u0442\u043e\u043c Mirai DDoS.\u00a0\u0410\u0442\u0430\u043a\u0438 \u043d\u0430\u0447\u0430\u043b\u0438\u0441\u044c \u0443\u0436\u0435 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0434\u0435\u043b\u044e \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 PoC \u0434\u043b\u044f \u044d\u0442\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0438.", "creation_timestamp": "2023-05-26T18:40:05.000000Z"}, {"uuid": "d04fbb14-4b86-4dca-9f08-ea98bb2f4994", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-33009", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:42.000000Z"}]}